Network resilience is vital for securing critical infrastructure


The US administration recently hosted 30 countries in a counter-ransomware event that focused on improving network resilience, addressing the abuse of financial mechanisms, and disrupting the ransomware ecosystem. The governments recognize the need for urgent action, common priorities, and complementary efforts to reduce the risk of ransomware.

The National Institute of Standards and Technology (NIST) has defined building network resilience as involving a computing infrastructure that provides continuous business operation: one that is highly resistant to disruption and able to operate in a degraded mode if damaged, can recover rapidly if a failure does occur, and can scale to meet rapid or unpredictable demands. Network resilience could especially help critical infrastructure continue to deliver services in a satisfactory fashion despite possible disruptions in the network infrastructure, and return to normal operation quickly after a disturbance.

Ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity. As with other cyber threats, the threat of ransomware is complex and global in nature and requires a shared response. “A nation’s ability to effectively prevent, detect, mitigate and respond to threats from ransomware will depend, in part, on the capacity, cooperation, and resilience of global partners, the private sector, civil society, and the general public,” according to a joint statement released by the White House after the virtual meeting.

“Efforts will include improving network resilience to prevent incidents when possible and respond effectively when incidents do occur; addressing the abuse of financial mechanisms to launder ransom payments or conduct other activities that make ransomware profitable; and disrupting the ransomware ecosystem via law enforcement collaboration to investigate and prosecute ransomware actors, addressing safe havens for ransomware criminals, and continued diplomatic engagement,” the statement added.

The representatives noted that law enforcement and cybersecurity capacity can be significant limiting factors in a state’s ability to address cybercrime, and that diplomacy in the form of coordinated capacity building has the potential to serve as a force multiplier in the fight against ransomware. “We will share approaches to capacity building, highlight resources and programs that are available, and take steps to coordinate such work when appropriate to ensure capacity building complements other actions to minimize the ransomware threat,” the statement said.

Network resilience is about more than technical capabilities, as it also requires effective policy frameworks, appropriate resources, clear governance structures, and transparent and well-rehearsed incident response procedures, according to the statement. It also includes a trained and ready workforce, partnership with the private sector, and consistently enforced legal and regulatory regimes.

However, several universal cybersecurity best practices can reduce the likelihood of a ransomware incident and mitigate the risk from a host of other cyber threats. These basic steps include maintaining offline data backups, the use of strong passwords and multi-factor authentication, ensuring software patches are up to date, and educating against clicking suspicious links or opening untrusted documents.

The nations are also enhancing their efforts to disrupt the ransomware business model and associated money-laundering activities, including by ensuring that national anti-money laundering (AML) frameworks help identify and mitigate risks associated with virtual asset service providers (VASPs) and related activities.

“We will enhance the capacity of our national authorities, to include regulators, financial intelligence units, and law enforcement to regulate, supervise, investigate, and take action against virtual asset exploitation with appropriate protections for privacy, and recognizing that specific actions may vary based on domestic contexts. We will also seek out ways to cooperate with the virtual asset industry to enhance ransomware-related information sharing,” the statement proposed.

The joint statement also expresses the intent “to cooperate with each other and with other international partners to enhance the exchange of information and provide requested assistance where able to combat ransomware activity leveraging infrastructure and financial institutions within our territories. We will consider all national tools available in taking action against those responsible for ransomware operations threatening critical infrastructure and public safety,” it added.

In a recent report for the World Economic Forum, Renaud Guidée, Group chief risks officer at insurance firm AXA, wrote that just 26 percent of experts said they thought their governments are prepared for cyber risks, a figure that has not improved since the question was first asked in 2019.

“The last year has seen cybercrime become firmly established as a sophisticated shadow industry, with the rise of ‘ransomware-as-a-service’ providers and new cryptocurrencies enabling money to be extorted with greater stealth,” according to Guidée. “As insurers, we see a pressing need for better alignment between the private and public sectors in their handling of cyber risks. It is often very difficult to distinguish ransomware attacks by highly organized criminal gangs from acts of cyber warfare sponsored by nation-states,” he added.

Ransomware continues to be one of the largest cybercrime threats and, in the past year, it has continued to evolve to become more disruptive, Tom Burt, Microsoft’s corporate vice president for customer security and trust, wrote in a company blog post. “Rather than focus on automated attacks that rely on volume and easily paid low demands to generate profit, human-operated ransomware uses intelligence gleaned from online sources, stealing and studying a victim’s financial and insurance documents and investigating compromised networks to select targets and set much higher ransom demands,” he added.

New data released by the Financial Crimes Enforcement Network (FinCEN) on Friday shows the increasing threat ransomware posed to the U.S. financial sector, businesses, and the public during the first half of 2021.

In its Financial Trend Analysis, FinCEN reported an increase in the number and severity of ransomware attacks against U.S. critical infrastructure since late 2020. Its analysis showed that the number of ransomware-related suspicious activity reports (SARs) filed monthly has grown rapidly, with 635 SARs filed and 458 transactions reported between Jan. 1 and Jun. 30 this year, an increase of 30 percent from the total of 487 SARs filed for the entire 2020 calendar year.

The total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was US$590 million, which exceeds the value reported for the entirety of 2020 of $416 million, according to the FinCEN report. Ransomware hackers develop their own versions of ransomware, known as ‘variants,’ and these versions are given new names based on a change to software or to denote a particular threat actor behind the malware. FinCEN identified 68 ransomware variants reported in SAR data for transactions during the review period. The most commonly reported variants were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos, it added.

“Ransomware actors are criminals who are enabled by gaps in compliance regimes across the global virtual currency ecosystem,” Wally Adeyemo, Deputy Secretary of the Treasury, said in a media statement. “Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity.”

FinCEN also identified and analyzed 177 unique convertible virtual currency (CVC) wallet addresses used for ransomware-related payments associated with the 10 most commonly reported ransomware variants in SARs during the review period. Based on blockchain analysis of identifiable transactions with the 177 CVC wallet addresses, FinCEN identified approximately $5.2 billion in outgoing BTC (bitcoin) transactions potentially tied to ransomware payments.
